On Tue, 3 Oct 2017, Phil Pennock wrote: > On 2017-10-03 at 14:50 -0600, Damien Miller wrote: > > Please note that the SHA256 signatures are base64 encoded and not > > hexadecimal (which is the default for most checksum tools). The PGP > > key used to sign the releases is available as RELEASE_KEY.asc from > > the mirror sites. > > Of the two up-to-date mirrors with 7.6 I can find: > rsync://openbsd.cs.toronto.edu/openbsd/OpenSSH/portable/ > https://fastly.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ > neither has a "RELEASE_KEY.asc" file. The RELEASE_KEY.asc file is in the parent directory since it is used to sign both portable and OpenBSD releases, e.g. https://fastly.cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev